A malicious third party can give a crafted ssh://… URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running git clone --recurse-submodules to trigger the vulnerability.
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Git | Git-scm | * | 2.7.5 (including) |
Git | Git-scm | 2.8.0 (including) | 2.8.0 (including) |
Git | Git-scm | 2.8.0-rc0 (including) | 2.8.0-rc0 (including) |
Git | Git-scm | 2.8.0-rc1 (including) | 2.8.0-rc1 (including) |
Git | Git-scm | 2.8.0-rc2 (including) | 2.8.0-rc2 (including) |
Git | Git-scm | 2.8.0-rc3 (including) | 2.8.0-rc3 (including) |
Git | Git-scm | 2.8.1 (including) | 2.8.1 (including) |
Git | Git-scm | 2.8.2 (including) | 2.8.2 (including) |
Git | Git-scm | 2.8.3 (including) | 2.8.3 (including) |
Git | Git-scm | 2.8.4 (including) | 2.8.4 (including) |
Git | Git-scm | 2.8.5 (including) | 2.8.5 (including) |
Git | Git-scm | 2.9.0 (including) | 2.9.0 (including) |
Git | Git-scm | 2.9.0-rc0 (including) | 2.9.0-rc0 (including) |
Git | Git-scm | 2.9.0-rc1 (including) | 2.9.0-rc1 (including) |
Git | Git-scm | 2.9.0-rc2 (including) | 2.9.0-rc2 (including) |
Git | Git-scm | 2.9.1 (including) | 2.9.1 (including) |
Git | Git-scm | 2.9.2 (including) | 2.9.2 (including) |
Git | Git-scm | 2.9.3 (including) | 2.9.3 (including) |
Git | Git-scm | 2.9.4 (including) | 2.9.4 (including) |
Git | Git-scm | 2.10.0 (including) | 2.10.0 (including) |
Git | Git-scm | 2.10.0-rc0 (including) | 2.10.0-rc0 (including) |
Git | Git-scm | 2.10.0-rc1 (including) | 2.10.0-rc1 (including) |
Git | Git-scm | 2.10.0-rc2 (including) | 2.10.0-rc2 (including) |
Git | Git-scm | 2.10.1 (including) | 2.10.1 (including) |
Git | Git-scm | 2.10.2 (including) | 2.10.2 (including) |
Git | Git-scm | 2.10.3 (including) | 2.10.3 (including) |
Git | Git-scm | 2.11.0 (including) | 2.11.0 (including) |
Git | Git-scm | 2.11.0-rc0 (including) | 2.11.0-rc0 (including) |
Git | Git-scm | 2.11.0-rc1 (including) | 2.11.0-rc1 (including) |
Git | Git-scm | 2.11.0-rc2 (including) | 2.11.0-rc2 (including) |
Git | Git-scm | 2.11.0-rc3 (including) | 2.11.0-rc3 (including) |
Git | Git-scm | 2.11.1 (including) | 2.11.1 (including) |
Git | Git-scm | 2.11.2 (including) | 2.11.2 (including) |
Git | Git-scm | 2.12.0 (including) | 2.12.0 (including) |
Git | Git-scm | 2.12.0-rc0 (including) | 2.12.0-rc0 (including) |
Git | Git-scm | 2.12.0-rc1 (including) | 2.12.0-rc1 (including) |
Git | Git-scm | 2.12.0-rc2 (including) | 2.12.0-rc2 (including) |
Git | Git-scm | 2.12.1 (including) | 2.12.1 (including) |
Git | Git-scm | 2.12.2 (including) | 2.12.2 (including) |
Git | Git-scm | 2.12.3 (including) | 2.12.3 (including) |
Git | Git-scm | 2.13.0 (including) | 2.13.0 (including) |
Git | Git-scm | 2.13.0-rc0 (including) | 2.13.0-rc0 (including) |
Git | Git-scm | 2.13.0-rc1 (including) | 2.13.0-rc1 (including) |
Git | Git-scm | 2.13.0-rc2 (including) | 2.13.0-rc2 (including) |
Git | Git-scm | 2.13.1 (including) | 2.13.1 (including) |
Git | Git-scm | 2.13.2 (including) | 2.13.2 (including) |
Git | Git-scm | 2.13.3 (including) | 2.13.3 (including) |
Git | Git-scm | 2.13.4 (including) | 2.13.4 (including) |
Git | Git-scm | 2.14.0 (including) | 2.14.0 (including) |
Git | Git-scm | 2.14.0-rc0 (including) | 2.14.0-rc0 (including) |
Git | Git-scm | 2.14.0-rc1 (including) | 2.14.0-rc1 (including) |